The Open Barn Door

It's tough enough these days for American companies to compete with their Pacific Rim rivals, even when the playing field is level. It's a lot tougher when your trade secrets are peddled by competitors. One Dallas computer maker, for example, recently spotted its sensitive pricing information in the bids of a South Korean rival. The firm hired a detective agency, Phoenix Investigations, which found an innocent-looking plastic box in a closet at its headquarters. Inside was a radio transmitter wired to a cable connected to a company fax machine. The bug had been secretly installed by a new worker-a mole planted by the Korean company. "American companies don't believe this kind of stuff can happen," says Phoenix president Richard Aznaran. "By the time they come to us the barn door is wide open."

Welcome to a world order where profits have replaced missiles as the currency of power. Industrial espionage isn't new, and it isn't always illegal, but as firms develop global reach, they are acquiring new vulnerability to economic espionage. In a survey by the American Society for Industrial Security last year, 37 percent of the 165 U.S. firms responding said they had been targets of spying. The increase has been so alarming that both the CIA and the FBI have beefed up their economic counterintelligence programs. The companies are mounting more aggressive safeguards, too. Kellogg Co. has halted public tours at its Battle Creek, Mich., facility because spies were slipping in to photograph equipment. Eastman Kodak Co. classifies documents, just like the government. Lotus Development Corp. screens cleaning crews that work at night. "As our computers become smaller, it's easier for someone to walk off with one," says Lotus spokesperson Rebecca Seel.

To be sure, some U.S. firms have been guilty of espionage themselves-though they tend not to practice it overseas, because foreign companies have a tighter hold on their secrets. And American companies now face an additional hazard: the professional spy services of foreign nations. "We're finding intelligence organizations from countries we've never looked at before who are active in the U.S.," says the FBI's R. Patrick Watson. Foreign intelligence agencies traditionally thought friendly to the United States "are trying to plant moles in American high-tech companies [and] search the briefcases of American businessmen traveling overseas," warns CIA Director Robert Gates. Adds Noell Matchett, a former National Security Agency official: "What we've got is this big black hole of espionage going on all over the world and a naive set of American business people being raped."

No one knows quite how much money U.S. businesses lose to this black hole. Foreign governments refuse to comment on business intelligence they collect. The victim rarely publicize the espionage or report it to authorities for fear posing vulnerabilities to stockholders. But more than 30 companies and security experts NEWSWEEK contacted claimed billions of dollars are lost annually from stolen trade secrets and technology. This week a House Judiciary subcommittee is holding hearings to assess the damage. IBM, which has been targeted by French and Japanese intelligence operations, estimates $1 billion lost from economic espionage and software piracy. IBM won't offer specifics but says that the espionage "runs the gamut from items missing off loading docks to people looking over other people's shoulders in airplanes."

France's intelligence service, the Direction Generale de la Securite Exterieure (DGSE), has been the most brazen about economic espionage, bugging seats of businessmen flying on airliners and ransacking their hotel rooms for documents, say intelligence sources. Three years ago the FBI delivered private protests to Paris after it discovered DGSE agents trying to infiltrate European branch offices of IBM and Texas Instruments to pass secrets to a French competitor. The complaint fell on deaf ears. The French intelligence budget was increased 9 percent this year, to enable the hiring of 1,000 new employees. A secret CIA report recently warned of French agents roaming the United States looking for business secrets. Intelligence sources say the French Embassy in Washington has helped French engineers spy on the stealth technology used by American warplane manufacturers. "American businessmen who stay in Paris hotels should still assume that the contents of their briefcases will be photocopied," says security consultant Paul Joyal. DGSE officials won't comment.

The French are hardly alone in business spying. NSA officials suspect British intelligence of monitoring the overseas phone calls of American firms. Investigators who just broke up a kidnap ring run by former Argentine intelligence and police officials suspect the ring planted some 500 wiretaps on foreign businesses in Buenos Aires and fed the information to local firms. The Ackerman Group Inc., a Miami consulting firm that tracks espionage, recently warned clients about Egyptian intelligence agents who break into the hotel rooms of visiting execs with "distressing frequency."

How do the spies do it? Bugs and bribes are popular tools. During a security review of a U.S. manufacturer in Hong Kong, consultant Richard Heffernan discovered that someone had tampered with the firm's phone-switching equipment in a closet. He suspects that agents posing as maintenance men sneaked into the closet and reprogrammed the computer routing phone calls so someone outside the building-Heffernan never determined who--could listen in simply by punching access codes into his phone. Another example: after being outbid at the last minute by a Japanese competitor, a Midwestern heavy manufacturer hired Parvus Co., a Maryland security firm made up mostly of former CIA and NSA operatives. Parvus investigators found that the Japanese firm had recruited one of the manufacturer's midlevel managers with a drug habit to pass along confidential bidding information.

Actually, many foreign intelligence operations are legal. "The science and technology in this country is theirs for the taking so they don't even have to steal it," says Michael Sekora of Technology Strategic Planning, Inc. Take company newsletters, which are a good source of quota data. With such information in hand, a top agent can piece together production rates. American universities are wide open, too: Japanese engineers posing as students feed back to their home offices information on school research projects. " Watch a Japanese tour team coming through a plant or convention," says Robert Burke with Monsanto Co. "They video everything and pick up every sheet of paper."

In the old days a business spy visited a bar near a plant to find loose-lipped employees. Now all he needs is a computer, modem and phone. There are some 10,000 computer bulletin boards in the United States-informal electronic networks that hackers, engineers, scientists and government bureaucrats set up with their PCs to share business gossip, the latest research on aircraft engines, even private White House phone numbers.

An agent compiles a list of key words for the technology he wants, which trigger responses from bulletin boards. Then, posing as a student wanting information, he dials from his computer the bulletin boards in a city where the business is located and "finds a Ph.D. who wants to show off," says Thomas Sobczak of Application Configured Computers, Inc. Sobczak once discovered a European agent using a fake name, who posed questions about submarine engines to a bulletin board near Groton, Conn. The same questions, asked under a different hacker's name, appeared on bulletin boards in Charleston, S.C., and Bremerton, Wash. Navy submarines are built or based at all three cities.

Using information from phone intercepts, the NSA occasionally tips off U.S. firms hit by foreign spying. In fact, Director Gates has promised he'll do more to protect firms from agents abroad by warning them of hostile penetrations. The FBI has expanded its economic counterintelligence program. The State Department also has begun a pilot program with 50 Fortune 500 companies to allow their execs traveling abroad to carry the same portable secure phones that U.S. officials use.

But U.S. agencies are still groping for a way to join the business spy war. The FBI doesn't want companies to have top-of-the-line encryption devices for fear the bureau won't be able to break their codes to tap phone calls in criminal investigations. And the CIA is moving cautiously because many of the foreign intelligence services "against whom you're going to need the most protection tend to be its closest friends," says former CIA official George Carver. Even American firms are leery of becoming too cozy with their government's agents. But with more foreign spies coming in for the cash, American companies must do more to protect their secrets.

Corporate predators haven't exactly been shy about greasing a few palms. In some cases they glean information simply by bribing American employees. In others they lure workers on the pretense of hiring them for an important job, only to spend the interview pumping them for information. If all else falls, the spies simply hire the employees away to get at their secrets, and chalk it all up to the cost of doing business.

A wealth of intelligence is hidden in plain sight-right Inside public records such as stockholder reports, newsletters, zoning applications and regulatory filings. Eavesdropping helps, too. Agents can listen to execs' airplane conversations from six seats away. Some sponsor conferences and invite engineers to present papers. Japanese businessmen are famous for vacuuming up handouts at conventions and snapping photos on plant tours.

Electronic transmitters concealed inside ballpoint pens, pocket calculators and even wall paneling can broadcast conversations in sensitive meetings. Spies can have American firms' phone calls repouted from the switching stations to agents listening In. Sometimes, they tap cables attached to tax machines.

Planning to leave your briefcase back at the hotel? The spooks will love you. One of their ploys is to sneak Into an exec's room, copy documents and pilfer computer disks. Left your password sitting around? Now they have entree to your company's entire computer system.